Network security is an important topic in a corporate information structure. There are numerous instances of security breaches discovered continually in many corporate networks. The instances happen daily and almost on an hourly basis. To cope with the security problem, corporate information technology divisions often deploy many security applications to monitor and detect security breaches. Security applications include firewalls, virus scanning applications, intrusion detection systems, intrusion prevention systems, adware detection software, spyware detection software, and many others.
Typically security applications examine network traffic, identifying potential security breaches or certain malicious behavior. When a security breach situation is suspected, a security application typically investigates the source of the traffic. For example, email virus detection software may suspect that an email contains a virus. The virus detection software wants to know which user sent the email. If the user is identified and his computer is still accessing the network, the virus detection software issues a command to shutdown the user's computer to prevent the virus from further propagating and causing further security breaches to the network. If the user is no longer accessing the network, the virus detection software wants to know when the user was on the network and determines the approximate time when the user's computer was contaminated with the virus. The virus detection software needs to know the history of user access.
In another example, an intrusion detection system detects an intrusion coming from an IP address. The intrusion detection system wants to know which user devices were associated with the IP address and when.
In a different example, a document security gateway detects a highly confidentially document is being transferred to a departmental network without proper permission. Further, the document security gateway identifies that the transfer was completed an hour ago. The document security gateway wants to know which user devices from the departmental network were accessing the network at the time of the transfer.
The above discussion identifies a need for a security application to know when a user accesses a secure data network.